The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that provides for certain rights and protections for employees enrolled in group health plans. The Department of Health & Human Services Office for Civil Rights enforces the Privacy and Security rules.

Group health plans are considered “covered entities” and must comply with complex rules to ensure that the plan protects any individual identifiable medical information that it creates, transmits or stores.  Employers/plan sponsors of insured plans typically have few responsibilities because the insurance carrier must ensure compliance.  Employers/plan sponsors of self-insured plans (including health care flexible spending accounts) and insured plans that receive protected health information must comply with all aspects of the Privacy and Security rules. 

For more detailed information regarding HIPAA Privacy & Security and a compliance kit, please contact your Keller consultant or visit the Client Portal.